Home » RDBMS Server » Security » TDE wallet creation and setup (Oracle10g,Windows)
TDE wallet creation and setup [message #336241] Fri, 25 July 2008 06:27 Go to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
I have to use TDE to encrypt column in my database. I have created a wallet through Wallet manager and stored it in a directory on local system.

I have accordingly modified the sqlnet.ora file and given the path where my created wallet exists. My sqlnet.ora file looks like this:

SQLNET.AUTHENTICATION_SERVICES = (NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)



WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY =c:\oracle\product\admin\kendev01\wallet)))


SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0


after this in SQL*PLUS i have typed the following query:

ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "Check_M8";

but i am getting ORA-28367 error wallet does not exist.

I have even tried the follwing query:
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Check_M8";

but still its giving me error: cannot auto create wallet.

please help me.
Re: TDE wallet creation and setup [message #336244 is a reply to message #336241] Fri, 25 July 2008 06:31 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
ORA-28367: wallet does not exist
 *Cause:  The Oracle wallet has not been created or the wallet location
          parameters in sqlnet.ora specifies an invalid wallet path.
 *Action: Verify that the WALLET_LOCATION or the ENCRYPTION_WALLET_LOCATION
          parameter is correct and that a valid wallet exists in the path
          specified.

Regards
Michel
Re: TDE wallet creation and setup [message #336248 is a reply to message #336244] Fri, 25 July 2008 06:37 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
yes i have checked my sqlnet.ora file and it contains exactly the same path where my wallet resides. But still it is not able to identify the path and not able to locate the wallet. In Wallet manager i am able to successfully close and open my wallet but when done through SQL* PLUS it is giving me error.

are there some changes need to be done in my Listener.ora file?

[Updated on: Fri, 25 July 2008 06:39]

Report message to a moderator

Re: TDE wallet creation and setup [message #336271 is a reply to message #336248] Fri, 25 July 2008 08:29 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
The first statement should be "ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Check_M8";".
Remove wallet in your wallet directory (if any).
Check permissions on directory.

I never had any problem for this simple setting.

Oh I see! You MUST not create the wallet, the previous statement creates it.

Regards
Michel

[Updated on: Fri, 25 July 2008 08:29]

Report message to a moderator

Re: TDE wallet creation and setup [message #336307 is a reply to message #336271] Fri, 25 July 2008 10:42 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
yes i have done that also. I have removed the wallet from the directory and executed the query
"ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Check_M8";

but still its giving me "cannot auto create wallet" error.

I dont know where the problem is as it really seems a very simple setting.

I have granted all permissions of the directory to the oracle dba...Is there any other way to check directory permissions? I have a good Java development experience but i am new to Oracle so I am struggling a bit.
Re: TDE wallet creation and setup [message #336308 is a reply to message #336241] Fri, 25 July 2008 10:46 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
GOOGLE reports Results 1 - 10 of about 95 for "cannot auto create wallet"
but I don't know if any would provide clues or solution

>SQLNET.AUTHENTICATION_SERVICES = (NTS)
In the past line above has proved to be problematic.
You might consider commenting it out & trying again.
It can't hurt seeing as how it is not working now.

Hope This Helps!

[Updated on: Fri, 25 July 2008 10:48] by Moderator

Report message to a moderator

Re: TDE wallet creation and setup [message #336499 is a reply to message #336308] Sun, 27 July 2008 22:35 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
hi..thanks for the reply...

I tried after removing SQLNET.AUTHENTICATION_SERVICES line but alas its still giving "Cannot auto create wallet": Its telling some already created wallet may exist in specified location but in my location there is no wallet. Its empty.

I dont know from where it is finding some wallet and displaying the same error again and again.

In my Documemnts and Settings/USER_PROFILE/ORACLE/WALLETS location there is one wallet existing but i have not given this location path to my sqlnet.ora.

Should i try removing that wallet also?
Re: TDE wallet creation and setup [message #336533 is a reply to message #336499] Mon, 28 July 2008 01:08 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
Are you sure you are using the sqlnet.ora file you think you use? Check TNS_ADMIN value, if any.

Regards
Michel
Re: TDE wallet creation and setup [message #336625 is a reply to message #336533] Mon, 28 July 2008 07:35 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
hi michel...thanks a lot for the reply...i have set TNS_ADMIN in my environment variables to the location where my sqlnet.ora and tnsnames.ora resides...still same error...

is there any other place where tns_admin need to be set?or there is some other approach?

Re: TDE wallet creation and setup [message #336638 is a reply to message #336625] Mon, 28 July 2008 08:36 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
Registry
Environment
Script itself


Regards
Michel
Re: TDE wallet creation and setup [message #336642 is a reply to message #336638] Mon, 28 July 2008 08:49 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
yes i have set it in registry and environment...problem still persists... Sad
Re: TDE wallet creation and setup [message #336647 is a reply to message #336642] Mon, 28 July 2008 09:00 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
in my registry i have two locations under oracle:
1.KEY_OraClient10g_home1
2.KEY_OraDb10g_home1

in which of these i have to add my TNS_ADMIN variable?

I have added it to KEY_OraDb10g_home1.


Re: TDE wallet creation and setup [message #336663 is a reply to message #336647] Mon, 28 July 2008 09:57 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
Put it in both.

Regards
Michel
Re: TDE wallet creation and setup [message #336765 is a reply to message #336663] Mon, 28 July 2008 23:20 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
sorry to trouble you but one more clarification michel...

there are two locations where my sqlnet.ora and tnsnames.ora resides.These are:

1.C:\oracle\product\10.2.0\db_1\network\ADMIN
2.C:\oracle\product\10.2.0\client_1\NETWORK\ADMIN

to which path my TNS_ADMIN should point?
Re: TDE wallet creation and setup [message #336798 is a reply to message #336765] Tue, 29 July 2008 01:14 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
Remove all TNS_ADMIN and put your wallet location in both sqlnet.ora.

Regards
Michel
Re: TDE wallet creation and setup [message #336806 is a reply to message #336798] Tue, 29 July 2008 01:46 Go to previous messageGo to next message
RobinOracle
Messages: 9
Registered: July 2008
Junior Member
tat i had done long back michel wen i started this work. My both sqlnet.ora points to same wallet location. but the problem came after that only.

i think there is some problem in my oracle installation only...i have tried all possible combinations but my problem is not getting solved...its the easiest thing in which i m stuck.
Re: TDE wallet creation and setup [message #685543 is a reply to message #336798] Wed, 02 February 2022 13:31 Go to previous message
wrigh
Messages: 1
Registered: February 2022
Junior Member
Resolved! It's funny I run into this same issue 13 years later!
This was a RAC database and I had created wallet in DBname wallet directory.
Created ORACLE_SID/wallet directories, put the wallet there and boom!
Issue resolved.
Previous Topic: Cannot connect with SYS password
Next Topic: Remove and Disable the HSM
Goto Forum:
  


Current Time: Mon Dec 02 08:31:58 CST 2024